Grindr App Released HIV Status of Members to Private Third Party Companies

Grindr has found itself in a bit of a sticky situation. The dating app, which is used predominantly by gay, bisexual, and transgender men, currently has over 3.6 million daily users. It recently came under fire when it was discovered that the app had allowed third parties to access encrypted data. As a result, Grindr announced that it will stop sharing this data, which includes the HIV status of its users, effective immediately.

Among other kinds of sensitive data, Grindr admitted that it had shared its users HIV status and date of last testing with two companies, Apptimize and Localytics. Those companies were paid to monitor and analyze the data that Grindr provided.

Because Grindr users are required to use email addresses and GPS locations for their accounts, that identifying information could be used to specify which users self-identify as HIV positive.

According to Antoine Pultier, a researcher at the Norwegian nonprofit SINTEF, which first identified the data breach, the sharing of HIV status is troubling.

“The HIV status is linked to all the other information. That’s the main issue. I think this is the incompetence of some developers that just send everything, including HIV status.” Other experts, including Cooper Quintin, senior staff technologist and security researcher at the Electronic Frontier Foundation, agree with Pultier’s assessment.

“It allows anybody who is running the network or who can monitor the network — such as a hacker or a criminal with a little bit of tech knowledge, or your ISP or your government — to see what your location is. When you combine this with an app like Grindr that is primarily aimed at people who may be at risk — especially depending on the country they live in or depending on how homophobic the local populace is — this is an especially bad practice that can put their user safety at risk,” Quintin said to BuzzFeed News.

Prior to announcing that it would no longer disseminate information relating to HIV status, Grindr defended itself in a point-by-point rebuttal on Tumblr.

“It’s important to remember that Grindr is a public forum. We give users the option to post information about themselves including HIV status and last test date, and we make it clear in our privacy policy that if you choose to include this information in your profile, the information will also become public,” Grindr representatives wrote.